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(54) Apparatus for data copyright ntanagement system 



(57) A data copyright management apparatus is 
used with a user terminal and comprises a CPU, a CPU 
bus. ROM, EEPROM, and RAM. 

The CPU, ROM, EPROM, and RAM are connected 
to the CPU txis, and a system txjs of a device which uti- 
lizes the data can t>e connected to the CPUtxjs. Adata 
copyright management system program, crypt algo- 
rithm, and user information are stored in the ROM, and 
a second private-key. a permit Key. a second seaet-key, 
and copyright infamation are stored in the EEPROM. A 
first public-key. a first private-key. a second put^ic-k^, 
arid a first secret-key are transmitted to the RAM during 
the operation. The data copyright management appara- 
tus may t>e configured in the form of a monolitiiic or 
hytNid IC, a thin IC card. PC card, arxi insertion board 
which have a unique terminal. If a copyright manage- 
ment program is supplied from the external, the it is 
stored in the EEPROM, otherwise it is stored in the ROM. 

In addition to a microprocessor of user terminal 
which decrypts encrypted data for dsplaying and 
processing and re-encrypts the decrypted data for stor- 
irr-j, "^ying, or transferring, at least one micropi ocrdssor, 
desirably two mk;roprocessors, are added for decrypting 
and re-encrypting data which is encrypted and supplied. 
The microprocessors to be added may be connected to 
a system bus of the mk^oprocessor of the user terminal, 
it is desirable that a multiprocessor configuration is 
implemented by using a SCSI bus, PCI bus. or SCI bus. 
Apparatus for decryption and re-encryption may be con- 
figured separately or as a unit Device which is used to 
input and output encrypted data may be connected 
directly to the apparatus for decryption and re-encryp- 
tion. The data copyright management apparatus may t)e 
inrplemented in the form of a monolithic iC. a hybrid IC, 
or a built-in subtx>ard. and ttie apparatus in these forms 



is incorporated in a computer, television set set-top box, 
digital video tape recorder, digital vkJeo disk recorder, 
digital audio tape apparatus, or personal digital assist- 
ants, and the like. 



Fig. 3 



20 



48 

■v; 



COfft 


23 


CDRD 


34 


FDD 


25 


HDD 


J 




t 




t 







30, 



ROM 

X 



19 



31 



EEP 
ROT 



Printed by Rank Xbtck. (UK) Business Services 
2.11.9/3.4 



1 



EP 0 715 241 A2 



2 



Description 

Field of the Invention 

Hie present Invention relates to an apparatus for dis- 
playing, storing, copying, editing or transmitting digital 
data in using data, and intends to protect digital data cop- 
yrights. 

Background of the Invention 

In infonnation-oriented society of tod^, a datat>ase 
system has been spread in which various data values 
having independently been stored in each oonputer so 
far are mutually used by connecting conputers by conv 
munication lines. 

The information having been handled by the data- 
t>ase system is classical type coded information which 
can be processed by a computer and has a small anrK>unt 
of information or monochrome binary data like facsimile 
data at most Therefore, the database system has not 
been able to handle data with an extremely large anrKXjnt 
of information such as a natural picture arxj a motion pk;- 
ture. 

KkTwever. while the digital processing technique for 
vark>us electric signals develops, development of the 
digital processing art for a pk;ture signal other than 
t}inary data having k>een handled only as an analog sig- 
nal is progressed. 

By digitizing the akxyve pk;ture signal, a pkrture sig- 
nal such as a telension signal can be handled by a com- 
puter. Therefore, a "multimedia system" for handling 
various data fiandled by a computer and picture data 
obtained by digitizing a picture signal at the same time 
is noticed as a future technkiue. 

Because picture data includes an ovenwhetming^y 
large amount of information compared to character data 
and audio data, it is drff teult to cfirectiy store or transmit 
the picture data or apply various processings to the pk;- 
ture data by a computer. 

Therefore, it has been conskJered to compress or 
expand the picture data and several standards for com- 
pressing or expanding picture data have been prepared. 
Among those standards, tiie following starKJards have 
been prepared so far as common standards: JPEG (Joint 
Photographic image coding Experts G^otf}) starxJard for 
a still pk:ture, H.261 standard for a vkieo conference 
MPEG1 (Movii ig Picture image cocGng Experts Groip 1) 
standard for storing pictures, and MPEG2 con-esporxjing 
to the present telecast and tire high-definition telecast 

Real-timeprocessingofdigitalpk:turedata has been 
realized by these technkiues. 

Because hitherto wkfely-spread anak)g data is dete- 
riorated in quality whenever storing, copying, editing, or 
transmitting it copyrights produced due to the above 
operation has not t>een a large problem. However, 
because digital data is not deteriorated in quality after 
repeatedly storing, copying, editing, or transmitting it, the 



control of copyrights produced due to the above opera- 
tion is a large problem. 

Because there is not hrtiierto any exact method for 
dealing with a copyright for digital data, the copyright is 
s handled by the Copyright Act or relevant contracts^ Even 
in the Copyright Act compensation nfK)ney for a cBgrtal- 
type sound- or picture-recorder is only systematized. 

Use of a database includes not only refemng to the 
contents of the datak>ase but also normally effectively 
10 using ttie database by storing, copying, or editing 
obtained data. Moreover, it is possible to transnvt edited 
data to another person via on-line by a communication 
line or a proper recording medium. 

Furthermore, it is possible to transmit the edited data 
15 tothedatat>asetoenter itasnewdata. 

In an existing datat>ase system, only character data 
is handled. In a multimedia system, however. audk> data 
and picture data which are originally analog data are dig- 
itized and formed into a database in addition to the data 
20 such as characters whtoh have been formed into adata- 
basesofar. 

Under the above situation, fiow to deal with a copy- 
right of data formed into a datak>ase Is a large problem. 
However, there has not been adequate copyright man- 

25 agement means for solving the prot)lem so far. particu- 
larly copyright management means completed for 
secondaryutilizationofthedata such as copying, editing, 
or transmitting of the data. 

Although data of "Software with advertisement" or 

30 "free software" is, generally, available free of fee. it is cop- 
yrighted arxj its use may be restrk;ted by the copyright 
depending on the way of use. 

The inventor of the present invention et al. proposed 
a system for managing a copyright t>y obtaining a permit 

35 key from a key control center via a jiHiblk; telephone line 
through Japanese Patent Laki-Open No. 46419/1994 
and Japanese Patent Laid-Open fsto. 141004/1994 and 
moreover, proposed an apparatus for managing the cop- 
yright through Japanese Patent Lakl-Open No. 

40 132916/1994. 

Furthermore, they proposed a system for managing 
a copyright of digital date through Japanese Patent 
Applk^ation No. 64689/1994 and Japanese Patent Appli- 
cation No. 237673/1994. 

45 In these systems and apparatos. one who wants to 
view and listen encrypted programs requests to a control 
center for viewing by using communk^ation device via a 
communications line, and the control center sands a per- 
mit key to the requester, performs charging and collects 

50 a fee. 

/Vfter receiving the permit key, the requester sends 
the permit key to a receiver by using an on-line or off-line 
means, the receiver then decrypts the encrypted pro- 
grams using the permit key. 
55 Moreover, the system disclosed in Japanese Patent 
Applicalion No. 64689/1994 uses a program and copy- 
right information tor managing the coyrigtit in addition to 
ttie permit k^ so that the copyright in display (including 
process to sound), storage, copying, editing, or transmit- 
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ting of the digital data in a database system including 
real-time transmission of a digital picture can be man- 
aged. The program for managing the copyright watches 
and manages to prevent users from using oth^ than the 
conditions of user's request or permissbn. 5 

The Japanese Patent Application No. 64889/1994 
further discloses that data is supplied with encrypted 
from a database, decrypted by copyright management 
program when displayed or edited, and encrypted again 
when it is stored, copied or transmitted. Also the copy- 10 
right management program itself being encrypted; 
decrypted by a permit key; the copyright management 
program thi« decrypted performing encyption and 
decryption of copyright data; and when data Is utilize- 
dother than storage and displaying, copyright informa- is 
tion including information of the person who has utilized, 
being stored as history In addition to original copyright 
infbnmation, are disclosed. 

Though the present invention is descnl^ t)elow, 
general description is made for cryptography at first 20 

The cryptography includes a secret-key cryptosys- 
tern and a put)lic-key cryptosystem. 

The secret-key cryptosystem is a cryptosystem 
using the same crypt key for encryption and decryption. 
While this cryptosystem requires only a short time for 25 
encryption or decryptioa the secret-k^ is found, and 
thus, the cryption may be cryptanalized. 

The public-key cryptosystem is a cryptosystem in 
which a key for encryption is open to the public as a put>- 
Ib-key and a k^ for decryption is not open to the public, so 
The key for encryption is refenred to as a public-key and 
the key for decryption is referred to as a private-key. To 
use this cryptosystem, it is necessary that a party for 
transmitting information encrypts the information with a 
put)lic-key of a party for receiving the intormation and the 3S 
party for receiving the information decrypts the infomrta- 
tion with a private-key not open to the public. While this 
cryptosystem requires relatively a long time for encryp- 
tion or decryption, the private-key can hardly be found 
and it is very difficult to cryptanalyze the cryption. 40 

In the cryptography, a case of encrypting a plaintext 
M with a crypt k^ K to obtain a cryptogram C is 
expressed as 

C = E(K,M) 45 

andacaseofdeaypting the cryptogram C with the crypt 
key K to obtain the plaintext M is expressed as 

M = D(K, C). 50 

The cryptosystem used for the present invention 
uses a seaet-key cryptosystem in which the same 
secret-key }<& is used for encryption and decryption, arxi 
a public-k^ cryptosystem in which a public-key Kb is ss 
used for encryption of a plaintext and a private-k^ Kv is 
used for decryption of a cryptogram. 

Figure 1 shows a structure of the data copyright 
management system disclosed in the prior Japanese 
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Patent Application No. 237673/1994 in which the appa- 
ratus for data copyright management system of the 
present invention is used. 

In this system, encrypted data is two-way supplied 
in accordance with a request from the primary user 4. 

This system rises the secr^-key cryptosystem and 
the public-key cryptosystem as a cryptosystem. 

It is matter of course that this system can be applied 
when using a sateU'rte broadcast, ground wave broad- 
cast, CATV broadcast or a recording medium other than 
a datat>ase as data supply means provkied with adver- 
tisement requiring no charge or encryption. 

In this system, reference numeral 1 represents a 
database, 4 represents a primary user terminal, 5 repre- 
sents a secondary user terminal. 6 represents a tertiary 
user terminal, and 7 represents an n-order user terminal. 

And 3 represents a copyright management center, 
8, 9, and 10 represent a secondary copyright data, terti- 
ary copyright data, and n-ord^ copyright data stored at 
the copyright management center 3. and 2 represents a 
oommunrcation n^work such as a pMc telephone line 
offered tiy a communication enterprise or a CATV line 
offered by a caSaHe television enterprise. 

On the above arrangement, the database 1 , primary 
user terminal 4, secorxiary user terminal 5, tertiary user 
terminal 6, n-order user terminal 7, and copyright man- 
agement center 3 are connected to the communk»tion 
network 2 and also they can be connected each other. 

In this figure, a path shewn by a tM'oken line repre- 
sents a path for erKTypted data, a path shown by a solid 
line represents a path of requeste from each user termi- 
nal, a path shewn by a one<k}t chain line represents a 
path through which authorizatkKi information corre- 
sponding to a utilization request in each data and a crypt 
key are transfen-ed, and a path shown tjy a two-dot chain 
line represents a path through which copyright informa- 
tion is transferred from the database or from the data to 
a next-order data within copyright management center. 

Each user who uses this system is previously 
entered in a database system and in this time, database 
utilization software is provided him. The datat)ase utili- 
zatk)n software includes a program for decrypting an 
encrypted copyright management program in addition to 
normal comnrunication software such as data communi- 
cating protocol. 

To use the datat>ase 1 , a primary user prepares pri- 
mary-user authentication data Aiil, a first put)lic-key 
Kbi, a first private4f3y Kvl conresponding to the iirst 
public-key Kbi, a second public-key Kb2, and a second 
private-key Kv2 corresponding to the second public-key 
Kb2. and accesses the database 1 from the primary user 
terminal 4 via the comnrtunication network 2. 

The datat>ase 1 receiving the primary-user authen- 
tication data Au1 , first put)lic-key Kb1 and second pubiic- 
key Kb2 from the primary user confirms the primary-user 
autiientication data Au1 and transfers the confirmed pri- 
mary-user authentication data Aul to the secondary 
copyright management center 3 as the primary user 
information Iu1. 



3 



5 



EP0715 241 A2 



6 



The database 1 prepares two seCTet-keys. that is, 
first secret-key Ks1 and second secret-key Ks2. 

In the prepared first secret-key Ksl and second 
seaet-key Ks2, the second secret-key Ks2 is also previ- 
ously transferred to the copyright nnanagement center 3. s 

As the result of the above transfer, a permit key cor- 
responding to primary utilization, the primary user infor- 
mation lul. original copyright information IcO and the 
second secret-key Ks2 are stored in the copyright man- 
agement center 3. In this case, the original copyright io 
information IcO is used for copyright royalties distribution. 

When a primary i^er who desires data utilization 
accesses the database 1 from the primary user terminal 
4, a data menu is transferred to him. In this case, infor- 
mation for charges may be displayed together with the is 
data menu. 

When the data menu is transferred, the primary user 
retrieves in the data menu to select the data M. In this 
case, the original copyright information teO of the 
selected data M transmitted to the copyright manage- 20 
ment center 3. The primary us& selects permit key Kpl 
corresponding to the required form of the usage such as 
viewing, storing, copying, editing and transmitting of 
data. Permit key Kpl is also transmitted to the copyright 
management center 3. 25 

Because viewing and storing of data are the mini- 
mum required forms of use for the primary user, these 
forms of use may be excluded from the choices as the 
minimum usage, and offering only copying, editing arxi 
transmitting as tfie choices. 30 

The original data MO is read out of the datat>ase 1 
in accordance with a request of the primary user. The 
read original data MO is encrypted t>y the first seaet-key 
Ksl: 

35 

CmOksl =E(Ki5l,M0). 

The encrypted data CmOksl is provided with the 
uncrypted original copyright information IcO. 

The first secret-k^Ks1 is encrypted by the first pub- 40 
lie-key Kbi arxj the second secret-key Ks2 is encrypted 
by the second public-key kb2: 

Cks1kb1 =E(Kb1,Ks1) 

45 

Cks2kb2 = E(Kb2, Ks2). 

While the copyright management program P is also 
encrypted by the second secret-key Ks2 

50 

CpKs2 = E{Ks2. P). 

the copyright managen^ent program P must not always 
be encrypted by the second secret-key Ks2 but it may be 
encrypted by any other proper crypt k^. ss 

The encrypted original data CmOksl, encrypted 
copyright management program Cpks2, and two 
encrypted secret-keys Cks1 kbi and Cks2kt>2 are trans- 



ferred to the primary riser terminal 4 via the communica- 
tion network 2, and charged, if necessary. 

It is possAtAe to store the enaypted copyright man- 
agement program Cpks2 such as in a ROM in the user 
terminal 4 instead of being supplied from the database 1 . 

The primary user receiving the encrypted original 
data CmOksl. two encrypted secret-keys Cks1kb1 arxi 
Cks2kb2, and enaypted copyright management pro- 
gram Cpks2 from the database 1 decrypts the encrypted 
first seaet-key Cks1 kbi by the database utilizatton soft- 
ware using the first private-key Kvl corresponding to the 
first publK-key Kbi: 

Ksl =D(Kv1,Cks1kb1), 

and decrypts the encrypted second secret-key Cks2Kb2 
using the second private-k^ Kv2 corresporxling to the 
second put)lic-key Kb2: 

Ks2 = D(Kv2, Cks2kb2). 

And the primary user deaypts the erx^rypted copy- 
right management program Cpks2 using the decrypted 
second seaet-k^ 1^: 

P = D(Ks2, Cpks2). 

Rnally, the primary userdecrypts the encrypted data 
CmOksl ty the decrypted copyright management pro- 
gram P using the decrypted first seaet-key Ksl : 

MO = D(Ks1, CmOksl) 

and uses the decrypted original data MO directly or data 
M1 as edited. 

As desabed above, the first private-key Kvl and 
secoTKl private-k^ Kv2 are aypt keys prepared by the 
primary user but not opened to others. Therefore, even 
rf a third party obtains tire data M, it is impossible to use 
the encrypted data M by deaypting it 

Thereafter, to store, copy, or transmit the data M as 
the original data MO or the edited data Ml , it is encrypted 
and decrypted by the second seaet-key Ks2: 

Cmks2 ^ E(Ks2. M) 

M = D(Ks2, Cmks2). 

The decrypted second seaet-key }<s2 is thereafter 
used as a crypt key for encrypting/decrypting data when 
storing, copying, or transmitting the data. 

The first private-key Kvl and second private-key 
Kv2. the first secret-key Ksl and second seaet-key Ks2, 
the data M, the copyright management program P, the 
original copyright information Ic, and also the original 
copyright information IcO arxi also copyright information 
Id for information of the primary user and edited date 
and time when edited the data by the primary user are 
stored in the primary user terminal 4. 
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MoreGver, it is further protected by attaching the cop- 
yright information Ic1 to the data as copyright information 
label, and adding the digital signatura 

The encrypted data Cmks2 is encrypted to be dis- 
trbuted. Since the copyright Information label provides 
a due to obtain the second secret-key Ks2 which is the 
key for decryption, the second seaet key Ks2 cannot be 
obtained in the case where the copyright information 
label is removed from the encrypted data Cmks2. 

When the encrypted data Cmks2 is stored in the pri- 
mary user terminal 4. the second secret-key KSZ is 
stored in the terminal 4. hfowever, when the encrypted 
data Cmks2 is not stored in the primary user terminal 4 
but is copied to the recording medium 11 or transmitted 
to the secondary user terminal 5 via the communication 
network 2. the second secret-key Ks2 Is disused in order 
to disat^le siteequent utilization of the data in the pri- 
mary user temninal 4. 

In this case, it is possft>le to set a limitation for rep- 
etitions of copying or transmitting of the data so that the 
second secret-key K82 is not disused within limited repe- 
tions of copying and transmitting of the data. 

The primary user who is going to copy the data M to 
the external recording medium 11 or transmit the data M 
via the communication network 2 must prepare the sec- 
ond secret-key Ks2 to encrypt the data M by this second 
secret-key Ks2 t>efore copying or transmitting the data: 

Cmks2 = E(Kb2. M). 

The uncrypted original copyright information IcO and 
primary-user copyright informatfon Id are added to the 
encrypted data Cmk82. 

Before using a database, a secondary user, similar 
to the primary user, prepares authentication data Au2 for 
authenticating the secondary user, a third public-key Kb3 
and a third private-k^ Kv3 corresponding to the third 
put)lic-k^ Kb3, a fourth put)lic-key Kb4, and a fourth pri- 
vate-k^ Kv4 corresponding to the fourth public-key Kb4. 

The secondary user who desires secondary utiliza- 
tion of the copied or transmitted encrypted data Cmk52 
must designate original data name or numt>er to the cop- 
yright management center 3 to request for secorvJary uti- 
lization to the center 3 from the secondary user terminal 
5 via the communteation network 2. In this time, the sec- 
ondary user also transfers the third public-key Kb3 and 
the fourth public-key Kb4 as well as the secondary user 
authentication data Au2, original copyright informatfon 
IcO and primary user copyright information k;1 . 

The copyright management c^er 3 receiving the 
secorxiary utilization recfuest from the secondary user 
confirms the secondary-user authentication data Au2, 
and transfers confirmed secondary-user authentication 
data Au2 to the tertiary copyright data 9 as secondary 
user information. 

When the secondary copyright information k:1 of the 
primary user ts transferred, the secondary copyright 
information Id is inquired to the secondary copyright 
data 8, and then, it recognizes the secondary copyright 



information Id to be transferred to the tertiary copyright 
data 9. 

The secondary user selects permit key Kp2 corre- 
sponding to the form of data usage such as viewing, stor- 
5 ing. copying, editing and transmitting of data. Permit key 
Kp2 corresponding to the selected usage is sent to the 
tertiary copyright data 9. 

Because viewing and storing of data are the mini- 
mum required forms of use for the secondary user, these 
10 fomns of use may be excluded from the choices as the 
minimum usage, offering only copying, editing and trans- 
mitting as the choices. 

The secondary copyright data 8 prepares a third 
secret-k^ Ks3. 
IS The prepared third secret-key Ks3 is transferred to 
and stored in the tertiary copyright data 9. 

As the result of the above transfer, the permit key 
Kp2, primary user copyright Information Id, primary 
user infomrtation lul, original copyright information k;0, 
20 secondary user information Iu2, and third seaet-key Ks3 
are stored in the tertiary copyright data 9. The permit k^ 
Kp2, primary user copyright information tol , and primary 
user information lul are used for copyright royalties dis- 
tritxition. 

25 Hereafter similarly, permit key Kpn con-esporxiing to 
n-order usage, copyright informatfon for secorxJary 
expfoitation right lcn-1 of (n-1)-order user, primary user 
infomiation lul, original copyright information IcO, n- 
order user information lun, and n-th secret-key Ksn are 

30 Stored in n-order copyright data 1 0. 

The permit key Kp2, primary user information lul, 
original copyright information IcO and second secret-key 
Ks2 are read out of the secondary copyright data 8. The 
original copyright irrformation k:0 is used for copyright 

35 royalties distribution. 

The read second seaet-key Ks2 arxi third secret- 
key Ks3 are encrypted by the third public-key Kb3 and 
fourth public-key Kb4 of the secondary user respectively: 

40 Cks2kb3 = E(Kb3, Ks2) 

Cks3kb4 = E(Kb4,Ks3). 

The copyright management program P is encrypted 
45 by ttie third secret-key Ks3: 

Cpks3 = E(Ks3, P). 

The encrypted copyright management program 
50 Cpks3, encrypted second secret-key Cks2kb3, and 
evcfypted third secret-key Cks3kb4 are transferred to 
the secondary user terminal 5 via the communication 
network 2. In this case, charging is performed, if neces- 
sary 

55 The secondary user receiving two encrypted seaet- 
keys Cks2kt>3 and Cks3kt>4 and the encrypted copyright 
management program Cpks3 from the secondary copy- 
right data 8 decrypts the encrypted second secret-key 
Cks2kk>3 by the third private-key Kv3, and decrypts the 
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encrypted third secret-key Cks3kb4 by the fourth private- 
key Kv4 corresponding to the fourth put)llc-k^ Kb4, 
using the database utilization softmre: 

Ks2 = D(Kv3, Cks2kb3) 

Ks3=D(Kv4. Cks3kb4). 

The encrypted copyright management program 
Cpks3 is decrypted by the decrypted third seaet-key 
Ks3: 

P = D(Ks3, Cpks3). 

Then, the encrypted data Cmk82 is deaypted to use 
it by the decrypted second secret-key Ks2 using 
decrypted copyright management program P: 

M = D(Ks2, Cmks2). 

As descnt>ed atxive, the third private-key Kv3 and 
the fourth private-k^ Kv4 are prepared by the secondary 
user but not opened to others. Therefore, even if a third 
party obtains the encrypted data Cmte2, It Is impossible 
to use the data by decrypting H 

Each user who uses atx3ve-nDentioned system must 
previously be entered in a database system, and when 
entered in thte system, software for database is supplied 
to the user. 

Because the software Includes not only normal com- 
munication software such as a data communication pro- 
tocol but also a program for decrypting a copyright 
management program by a first crypt-key. it is necessary 
to be protected. 

A first crypt-key K1, a second crypt-k^ K2. and a 
copyright management program P are transferred to 
each user in order to use data M , and each user keeps 
these keys and the program. 

Further, the copyright informatfon label, user infor- 
mation, the public-key and private-key in the pidDlic-key 
cryptosystem arxJ the program containing algorithm for 
generating the secret-k^ are kept when needed. 

For keeping them, it is the simplest nteans to use a 
flexible disk. However, the f lexfole disk is easy in disap- 
pearance or alteration of data. 

Moreover, a hard disk drive is also unstable for dis- 
appearance or atteratfon of data though it is more stat)le 
t*-an the flexit>le disk. 

Recently, an IC card is spread in which an IC ele- 
ment is sealed in a card-like package. Particularly, stand- 
ardizatfon of a PC card with a n^croprocessor sealed in 
it is progressed as a PCMCIA card or JEIDA card. 

The data copyright management apparatus pro- 
posed by the inventor of the present invention et al. in 
the prior Japanese Patent application No. 237673/1994 
is descrit>ed in Figure 2. 

The data copyright management unit 15 is config- 
ured as a computer system, comprising a microproces- 
sor (CPU) 16, a focal bus 17 of CPU 16, read only 



memory (ROM) 18 connected to local bus 17, and 
write/read memory (RAM) 19, wherein the focal bus 17 
being connected to system bus 22 of the microprocessor 
21 of the user terminal 20. 

5 Moreover, a communication unit (COMM) 23 which 
receives data from an external database and transfer 
data to the external database, a CD-ROM drive (CDRD) 
24 which reads data provided by CD-ROM, aflexibledisk 
drive (FDD) 25 which copies received or edited data to 

10 a flexible disk drive to provide outside with such data, 
and a hard disc drive (HDD) 26 which stores data are 
connected to the system bus 22 in tfie user terminal 20. 

As a matter of course, ROM and RAM or the like are 
connected to the system txis 22 of the user terminal. 

IS however, it is not shown in the figure. 

Rxed information, such as software and user data, 
for utilizing the database is stored in ROM 1 8 of the data 
copyright management unit 15. 

A crypt-key and the copyright management program 

20 provided from tt^e k^ control center or copyright man- 
agement center are stored in RAM 1 9. 

The process of decryption and re-encryption are 
performed by the data copyright management unit 15, 
only of which results are transferred to the user terminal 

25 20 via the local bus 1 7 arxi the system bus 21 oftheuser 
terminal. 

The data copyright management unit 15 is imple- 
nr>ented as nfK>nolithic IC, hybrid IC, an expansion tx>ard, 
an IC card, or a PC card. 

30 

Summary of the Invention 

In the present applicatfon, apparatus for data copy- 
right management system, resulted from further imple- 

35 mentation off the apparatus used in the user terminal 
proposed in the prior Japanese patent application No. 
237673/1994, is proposed. 

The apparatus for data copyright management in the 
present invention is attached to the user terminal, which 

40 comprises central processing unit, central processing 
unit bus. read only s^nconductor memory, electrically 
erasable pro^ammable menxxy, arxi read^vrite mem- 
ory. 

Central processing unit, read only semiconductor 
45 menfx>ry, electrically erasat)le programmable memory, 
and read/Write memory are connected to the central 
processing unit bus, and also system bus of a unit which 
' utilizes the data can t>e connected to it. Data copyrigtit 
management system program, a crypt algorithm, and 
so user information are stored in the read only semiconduc- 
tor menrxxy, and a second private-key, permit key, sec- 
ond secret-key. and copyright information are stored in 
the electrically erasable programmable memory, 
wherein first public-key. first private-key, second public- 
55 key. and first secret-key being transferred to the 
readMrite memory at the operation of the unit. If the cop- 
yright management pro^m is provkJed from the out- 
side, it is stored in the EEPROM. Othenvise, it is stored 
in ROM. 
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As a form of the data copyright management appa- 
ratus, moTOlHhic IC, hybrid IC, a thin IC card with special 
terminal, a PC card, and a board for Insertion can be 
availat)le. 

In the data copyright management system 
described above as prior invention, while the obtained 
encrypted data is decrypted for utilization of display- 
ing/editing, the obtained a edited data ^ re-encrypted 
to store/copy/bransfer so that no unauthorized use of the 
data can be available. 

Accordingly, in the apparatus used in the data cop- 
yright management system of the present invention, re- 
encryption of data, as well as decryption of data should 
be performed concurrently, however, those data copy- 
right management apparatus desaODed in the prior appli- 
cations can perform only one process of either data 
decryption or data re-encryption. 

TTius, in the present application, a data copyright 
management apparatus which, at the same time, can 
decrypt and re-encrypt data encrypted and supplied in 
order to manage copyright is proposed. 

For the purpose of that, data which was encrypted 
and provided is decrypted and re-encrypted by adding 
at least one miaoprocessor, preferably 2 microproces- 
sors, in addition to the microprocessor tfiat controls the 
entire user terminal therein. When one microprocessor 
is added, one of the 2 microprocessors, one included in 
the user terminal or one added, will decrypt data and the 
other will re-encrypt data. 

When 2 microprocessors are added, one of the 
added microprocessors will decrypt data, the other 
microprocessor will re-encrypt data, and the microproc- 
essor of the user terminal will control the entire opera- 
tion. 

Although the added microprocessors may be con- 
nected to system bus of the microprocessor in the user 
tOTninal, this configuration may not alicw a multiproces- 
sor configuration to operate plural miaoprocessors con- 
cun-entty. 

Therefore, in the preserrt application, a data copy- 
right manag^ent apparati^ as a nnultiprocessor con- 
figuration utilizing SCSI bus or PCI bus is proposed. 

Other than character data, digital data includes 
graphic data, computer program, digital audio data, still 
picture data of JPEG standard, and motion-picture data 
of MPEG standard. 

While the data works comprising these data are uti-^ 
lized by using various apparatus, it isr necessary that'^ 
these apparatus should also include the data copyright 
management function. 

Thus, in the present application, it is proposed that 
as a form of use. these data copyright management 
apparatus and tiie data copyright management appara- 
tus descnl^ed in the prior application are incorporated in 
various systems. 



Brief Description of tiie Drawings 

Rgure 1 is a block diagram of the data copyright 
management system of tiie prior invention. 
5 Rgure 2 is a block diagram of the data copyright 
management apparatus of tiie prior invention. 

Rgure 3 is a block diagram of the data copyright 
management apparatus of embodiment 1 of the present 
invention. 

10 Rgure 4 is a specific block diagram of the data cop- 
yright management apparatus of the embodiment 1 of 
tiie present invention. 

Rgure 5 is a process flow chart of data copyright 
management system related to the present invention. 
IS Rgure 6 is a block diagram of the data copyright 
management system of the prior invention. 

Rgure 7 is a flow chart of a general edit process of 
digital data. 

Rgure 8 is a flow chart of encrypted data edit proc- 
20 ess of the present invention. 

Rgure 9 is a block diagram of the data copyright 
management apparatus of embodiment 2 of the present 
invention. 

Rgure 10 is a block diagram of the data copyright 
25 management apparatus of embodiment 3 of the present 
invention. 

Rgure 11 is a block diagram of the data copyright 
management apparatus of embodiment 4 of the present 
invention. 

30 Rgure 12 is a block diagram of tiie data copyright 
management apparatus of emkxxJIment 5 of the present 
invention. 

Rgure 13 is a block diagram of tiie data copyright 
management apparatus of embodiment 6 of the present 
35 Invention. 

Rgure 14 is a block diagram of the digital cash sys- 
tem as one example of use of tiie present invention. 

Rgure 1 5 is a block diagram of the video conference 
system as one example of use of the present invention. 

40 

Detailed Description of the Prefened Embodiments 

The detailed embodiments of the present invention 
are descrit>ed below with reference to the drawings. 

45 The embodiment 1 of the data copyright manage- 
ment apparatus related to the present invention is shown 
in a block diagram of Figure 3. 

The data copyright rhanagement unit 30 indudes 
electrically erasable programmable memory (EEPROM) 

50 31 in addition to the components of the data copyright 
management unit 15 descn'bed in the prior application 
Ho. 237673/1994. 

The data copyright management unit 30 is a com- 
puter system having CPU 16. local bus 17 of CPU 16. 

55 ROM 18 connected to local bus 17. RAM 19, and EEP- 
ROM 31, wherein local bus 17 being connected to tiie 
system bus 22 of the miaoprocessor 21 in the user ter- 
minal 20. 
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Moreover, oommunication unit (COMM) 23 which 
receives data from external datak)ase arxl transfers data 
outside. CD-ROM drive (CDRD) 24 which read data pro- 
vided by CD-ROM. a flexible disc drive (FDD) 25 which 
copies data received or edited in order to supply to the 
outside, and hard disk drive (HDD) 26 which stores data 
are connected to the system bus 22 of the user terminal 
20. 

Further. ROM and RAM are connected to the system 
bus 22 of the user terminal, however, it is not shown in 
the f i^re. 

Fixed information such as a data copyright manage- 
ment program, a cryptography program based on crypt 
algorithm, arxi user data are stored in ROM 18. 

A crypt-key and copyright information are stored in 
EEPROM 31. Further, when data copyright manage- 
ment program and cryptography program are supplied 
from outside such as from database, they are stored in 
EEPROM 31 . rather than in ROM 1 8. 

The data copyright management unit 30 peribrms 
the process of decryption or re-encryption, only the result 
of which are transferred to the user terminal 20 via local 
kxjs 17 arxJ system bus 22. 

The data copyright management unit 30 is imple- 
mented as a monolithic IC. a hytMid IC, an expansion 
board, an IC card, or a PC card. 

Fixed data such as a data copyrig^ managenrmnt 
program, a cryptography program based on crypt algo- 
rithm, and user data are stored in ROM 18 of the data 
copyright management unit 30 in the embodiment 1 . 

Further, a program for generating secret-keys based 
on secret-key algorithm of not secret, a decryption pro- 
gram, and a re-erx»^ption program may be stored in 
ROM 18. 

A crypt-key and copyright information are stored in 
EEPROM 31. Moreover, when the copyright manage- 
ment program and the erxryption program are supplied 
from the outside such as database, they are stored in 
EEPROM 31. rather than ROM 18. StiH more, the EEP- 
ROM is not necessarily required and may t>e omitted. 

Either one of the first crypt-key or the second crypt- 
key supplied from the key control center or copyrigfrt 
management center, and data copyright man^ement 
system program are stored in RAM 19. 

On the other hand, infamation such as software arxi 
the user data required MPU 46 in the user terminal 
20 are supplied to the user terminal 20 by the software, 
aihd stored in RAM of the user terminal 20. 

Besides, either one of the first crypt-key or the sec- 
ond crypt-k^ supplied from the key control center or the 
copyright management center, and the data copyright 
management system program are stored in RAM of the 
user terminal unit 20. 

The process of decryption and re-encryption are 
shared t>y MPU 46 of the main body of the user terminal 
20 and CPU 16 of the data copyright management unit 
30; one encrypts data and the other decrypts data, and 
only the processed results of the data copyright manage- 
ment unit 30 are transferred to the user terminal. 



The specific internal structure of the data copyright 
management unit 30 in Rgure 3 is shown in Rgure 4. 

A microcomputer (CPU) 16, read only semiconduc- 
tor merTX>ry (ROM) 18. write/iread memory (RAM) 19. 
5 and electrically erasable programmat)le memory (EEP- 
ROM) 31 are enclosed In the data copyright manage- 
ment unit 30. and are connected to microcomputer bus 
17 of tiie miaocomputer 16, the microcorrputer bus 17 
being further connected to system txis 22 of the user ter- 
10 minal 20 main body. 

The data copyright management system program, 
crypt algoritiim. and the user information are stored in 
the read only semiconductor merTX>ry 18. 

Inside of the electrically erasable programmable 
IS memory 31 is divided into three areas. 

In the first area 35. the first public-key Kb1 . the first 
private-key Kvl . the second public-key Kb2, and tiie sec- 
ond private-key Kv2 are stored. 

In ttie secorxj area 36. the copyright management 
20 pro^m P. the first secret-key Ksl as a permit key in the 
primary use such as view permit/store permit/copy per- 
mit/edit permit^transfer permit, arxl the second secret 
key Ks2 as a permit key in the secondary use such as 
view permit^store permit/dopy permit/edit permitAran^r 
25 permit are stored. 

Further, in some case where the copyright manage- 
ment program is not supplied form the outside, but preset 
in the user side, the copyright management program is 
stored in the read only menrxsry 18. ratiier than in the 
30 second area 36 of the electrically erasable programma- 
tHe memory 31 . 

In the third area 37, copyright information such as 
the original copyright information and the secondary 
copyright infornmtion. and air access control key are 
35 Stored. 

As in the case of the electrkally erasable program- 
mat)le memcxy 31. inside of the write/read menrary 19 
is divided into three areas. 

In the first area 32, the first public-key Kbi , the first 
40 private-k^ Kvl. arxi the second public-key Kb2 are 
stored during operation. 

In the second area 33, the first secret-key Ksl as a 
permit key in the primary utilization such as view per- 
mit/!5tore permit/copy permit/edit permit/transfer permit 
45 is stored during operation. 

In the third area 34. an access control key is stored 
during operation. 

The user terminal attached with the data copyright 
management apparatus is reliable since it performs all 
50 the process for utilizing data within the data copyright 
management unit related to the present invention, so that 
only the results are transferred to the user terminal for 
various utilization. 

When pk:ture data containing large amount of infor- 
55 mation is transmitted/received, original data is transmit- 
ted after being compressed in order to reduce tiie 
amount of data and the compressed data is expanded 
after reception to utilize it. In this case, data copyright 
may be managed tiy encryption. 
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In Rgure 5. an example of data copyright manage- 
ment flow wtien encrypted data is digital picture com- 
pressed in JPEG standard or MPEG standard. The flow 
is divided into transmitting side flow and receiving side 
flew with a transmit line in between, and the receiving 
side flow is further divided into display flow and storage 
flow. 

The signal process in the transmitting side consists 
of process preparing digital picture and process process- 
ing the cfigital picture prepared. In this process, if an orig- 
inal picture is the digital picture 41, It proceeds to next 
process. If an original image is an analog picture 40, dig- 
itizing process 42 is performed. 

The digital picture 6 compressed 43 f rst by given 
standard such as JPEG standard, or MPEG standard, 
then the compressed cfigrtal data is encrypted 44 using 
the first secret-key. 

The picture data signal processed in transmitting 
side is transmitted through transmission line 45 such as 
satellite broadcasting wave, terrestrial k>roadcasting 
wave. CATV wave, or put)lic telephone line^SDN line. 

Further, recording media such as a digital video 
tape, a cfigHal video disK or CD-ROM may t>e used as 
the transm^sion line. 

Thus the picture data transmitted to the receiving 
side is decrypted 46 first using the first secret key, then 
the corrpressed picture data is expanded 47 to be dis- 
played 49. When the cfisplay is a digital data display unit, 
it is directly displayed, however, when it is an analog data 
display unit, it is converted to analog data 48. 

\Nhm data is stored in hard disK flexible disk, optical 
magnetic disK writable video disk or the like, it is stored 
after being re-encrypted 50 using the second secret key. 

In displaying again the pk:ture data re-encrypted and 
stored, it is re-decrypted 52 using the second secret key 
arxJ displayed 49. If the display unit is a digital data dis- 
play unit, it is directly displayed, however, rf it is an analog 
data display unit rt is converted to anak>g data 48. 

Moreover, for data compressi on/expansion means 
ond transmisston path, appropriate ones corrpatible with 
the data are used. 

Figure 6 shows an example of the data copyright 
manag^nent system disclosed in the prbr Japanese 
Patent AppHcation Ho. 237673/1994. This system uses 
the secret-key system as a cryptosystm. 

In the case of this system, reference numeral 1 rep- 
resents a database in which text data, binary data sen^-^ 
ing as a computer^ graphic display or a computer 
program, digital audio data, and digital picture data are 
stored by being encrypted. 14 represents a space satel- 
lite such as a communk;ations satellite or a broadcasting 
satellite, 15 represents a data recorder such as a CD- 
ROM or a flexible disK 2 represents a communication 
network such as a put)lic telephone line offered by a com- 
municatbn enterpr^ or a CATV line offered t>y a cable 
television enterprise, 4 represents a primary user termi- 
nal, and 1 6 represents a key control center for managing 
a secret-key, and 17 represents a copyright manage- 
ment center for managing a data copyright 



Reference numerals 5, 6, and 7 represent a second- 
ary user terminal, a tertiary user terminal, and n-order 
user terminal respectively, and 11,12, and 13 represent 
a secorxJary disk, tertiary cfisk, and n-oider disk serving 

5 as a recording medium such as a f lexik)le disk or CD- 
ROM respectively. The symbol "n" represents an optional 
integer. When "n" is larger than 4, a corresponding user 
terminal and a corresporxiing disk are arranged t}etween 
the tertiary user terminal 6 and the n-order user terminal 

10 7 and between the tertiary disk 1 2 arxJ the n-order disk 
13 respectively. 

On the above arrangement, thedatabase 1 , key con- 
trol center 1 6, copyright managentent center 1 7. primary 
user terminal 4, secondary user terminal 5, tertiary user 

75 terminal 6, and n-order user terminal 7 are connected to 
the communication network 2. 

In this figure, the path shown by a broken line is a 
path of encrypted data, a path shown by a solid line is a 
path of requests from each user temrinal, and a path 

20 shown by a one-dot chain line is a path through which 
auttiorization information corresponding to a utilization 
request arxi a secret-k^ are transferred. 

Moreover, each user who uses this system is previ- 
ously entered in the database system. When the i^er is 

25 entered in the system, a datat>ase utilization software is 
given to the user. The database utilization software 
includes not only normal communication software such 
as a data communication protocol but also a program for 
running a copyright management pro-am. 

30 Original data MO of text data, binary data as a com- 
puter graphic dsplay or conrputer progrant, digital audio 
data, or digital picture data stored in the database 1 or 
data recording medium 15 is onewy supplied to the pri- 
mary user terminal 4 via the communication network 2. 

35 satellite 1 4 or recordng medium 1 5. 

In this case, the data is encrypted with a first secret- 
key Ksl: 

CmOksl »E(Ks1,M0). 

40 

Even if data provided with advertisement to be 
offered free of charge, rt is necessary to t>e encrypted in 
order to protect the copyright. 

It is disclosed in the Japanese Patent Application 
45 No. 64889/1994 which is the prior application that ttie 
data utilization includes not only displaying of data which 
is the most basic usage but also storing, editing, copying, 
and transmitting of the data, a use permit key isprepared ' 
which corresponds to one or several forms of usage, and 
50 its management is executed by tiie copyright manage- 
ment program. 

Moreover, it is descril3ed there that data is encrypted 
again by the copyright management program for use 
such as storing, copying, editing arxi transmitting of tiie 
55 data other than displaying of the data and displaying for 
editing tiie data. 

In other words, the data whose copyright is claimed 
is encrypted to t>e distritxited, and only when the data is 
displayed or displayed for editing the data in a user ter- 
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minal having a copyright treatment function, the data is 
decrypted to a plaintext 

Thte system disclosed in Japanese Patent Applica- 
tion No. 237673/19d4 uses the method descn'bed in the 
prior application No. 64889/1 994. s 

A primary user who desires primary utilization off the 
supplied encrypted data CmOksl requests lor primary 
utilization off the encrypted original data CmOksl by des- 
ignating the original data name or the original data 
number to the key control center 1 6 via the communica- io 
tion network 2 from the primary user terminal 4. In this 
case, the primary user must present information lul for 
primary user to the key control center 16. 

The key control center 16 receiving the primary uti- 
lization request from the primary user terminal 4 trans- 75 
fers first seaet-key Ks1 for decrypting the encrypted 
original data CmOksl obtained from the da1at>ase 1 by 
the primary user and second secret-key Ks2 for re- 
encrypting the decrypted original data MO or edited data 
Ml from the original data, together with a copyright man- 20 
agenfierrt program P via the comminication network 2 to 
the primary user terminal 4. 

In the primary user terminal 4 receiving the first 
secret-key Ksl as a decryption key and the second 
secret-key Ks2 as an encryption/decryption key, the 25 
encrypted original data CmOksl Is decrypted by the first 
secret-key Ksl using the copyright management pro- 
gram P 

MO = D(Ks1, CmOksl) so 

to use the decrypted original data MO directly or data M1 
as edited. 

When the data M which is the original data MO or 
edited data Ml is stored in a memory or a built-in hard 3S 
disk drive of the primary user terminal 4, only the primary 
user can use the data. Hcwever, when the data Mis cop- 
ied to the external recording medium 1 1 such as aflexble 
disk a transmitted to the secondary user terminal 5 via 
the communication network 2, a problem of a copyright 40 
due to secondary utilization occurs. 

When the original data MO obtained by the primary 
user is directly copied and supplied to a secondary user, 
the copyright of the primary user is not effected on the 
data MO because the original data MO is not nrx)dif ied at 45 
all. However, when the primary user produces new data 
Ml t)y editing the obtained data MO or by using means 
" ^such as combination with other data, the copyright of the 
primary user, i. e., secorxJary exploitation right occunred 
from secondarily utilizing original data, is effected on the so 
data Ml. 

Similariy, when a secondary user produces new 
data M2 by editing the original data MO or edited data 
M1 obtained from the primary user or by means such as 
combination of other data, the copyright of the secondary ^ 
user; i. e., secondary exploitation right on the secondary 
user is also effected. 

In this system, to conrespond to the prok>lem of the 
copyright, the data M is encrypted by the second seaet- 



key Ks2 using the copyright nianagement program P 
when the data M is stored, copied, or transmitted. There- 
after, in the primary user terminal 4, the data M is 
decrypted and encrypted by the second secret-key Ks2: 

Cmks2 = E(l^, M) 
M = D(Ks2, Cmks2). 

It is free in principle tfiat the primary user displays 
and edits data to obtain edited data. In this case, how- 
ever, it is possible to limit the repetitions of the operation 
by the copyright managennent program. 

When the data M is copied to the external recording 
medium 1 1 or transmitted via the connmunication net- 
work 2, the first secret-k^ Ksl and the second secret- 
key Ks2 in tfie primary user terminal 4 are disused t;y the 
copyright management program R Therefore, when 
reusing the data M ttie primary user requests for utiliza- 
tion of tiie data M to the key control center 16 to again 
obtain the second secret-key Ks2. 

The fact that the user receives the regrant of the sec- 
ond secret-key Ks2 represents secondary utilization off 
data in whk:h the data M has been copied to the external 
recording medium 11 or transmitted to the secondary 
user terminal 5 via the communication network 2. TTiere- 
fore, the fact is entered in the copyright management 
center 1 7 from tffie key control center 1 6 and sut)S6quent 
secondary utilization comes possble. 

The data M is moved from the primary user terminal 
4 to the secondary user terminal 5 t>y the external record- 
ing medium 1 1 or the communication network 2. When 
the data M is copied to the external recording medium 
1 1 or transmitted via the communication network 2, it is 
erwrypted by the second secret-key Ks2. 

When the data M is copied to the external recording 
medium 11 or transnrtitted via the communication net- 
work 2, the first secret-key Ksl and the second secret- 
key K82 in the primary user terminal 4 are disused. In 
this time, ur^rypted primary user information lul is 
added to the encrypted data Cmks2 stored in the primary 
user terminal 4 and when the encrypted data Cmks2 Is 
transmitted to the secondary user, the primary user infor- 
mation Iu1 is also transferred. 

A secondary user who desires secondary utilization 
of the encrypted data Cmks2 copied or transmitted from 
the primary user nrujst designate original data name or 
data number to the copyright management center 1 7 via 
the communication network 2 tiy the secondary user ter- 
minal 5 and also present the secondary user irrlbrmation 
lu2 to request for secondary utilization of the data Cmks2 
to the center 1 7. In this time, the secondary user further 
presents the uncrypted primary user information lul 
added to the encrypted data Cmks2 in order to clarify the 
relationship with the primary user. 

The copyright management center 1 7 confirms that 
the primary user has received a regrant of the second 
secret-key Ks2 for secondary-utilizing the data, in 
accordance with the presented primary user information 
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Iu1 and then, transfers the second secret-key Ks2 send- 
ing as a decryption key and the third secret-key Ks3 serv- 
ing as an encryption/decryption key to the secondary 
user terminal 5 via the communication network 2. 

In the secondary user terminal 5 receiving the sec- s 
ond seaet-key Ks2 and the third secret-k^ Ks3. the 
encrypted data Cmks2 is decrypted using the second 
secret-key Ks2 by the copyright management program P 

M = D(Ks2. Cmks2) io 

and Is secondarily utilized such as being displayed or 
edited. 

In this system, the key control center 16 processes 
a primary utilization requests arxi the copyright manage- is 
ment center 17 processes a secondary utilization 
recpjesls. While the data M supplied to a primary user is 
encrypted by the first secret-key Ksl, the data M sup- 
plied to a secondary user is encrypted by the second 
secret-key Ks2. Moreover, the first secret-key Ks1 and 20 
the second secret-key Ks2 are transferred to the primary 
user as crypt keys from the key control center 1 6. 

Therefore, if the secondary user, ir^tead of the pri- 
mary user, falsely requests for primary utilization to the 
key control center 16, thefirst secret-k^ Ksl for decryp- 25 
tlon and the second secret-key Ks2 for encryp- 
tion^ecryption are transferred to the secondary user. 
However, the secondary user cannot decrypt the 
encrypted data Cmks2 t)y using the first secret-key Kb1 
transferred as a decryption key. 30 

Therefore, rt is impossible to falsely request lor data 
utilization and resultingly, not only the original copyright 
of data but also the copyright of the primary user on the 
data are protected. 

When storing, copying, or transmittir^ of the data M 35 
other than displaying and displaying for editing is per- 
formed in the secondary user terminal 5, the data M is 
encrypted using the third secret-key Ks3 t)y the copyright 
management program P and thereafter, the data ^ 
decrypted and encrypted by the third secret-key Ks3: 4o 

Cmks3 = E(Ks3, M) 

M = D(Ks3,Cmks3). 

45 

Moreover, rt Is free In principle tfiat the secondary 
user displays and edits data to obtain the edited data M2. 
In this dase,'it Is possble to limit the repetitions of the 
operation t)y the copyright management program R 

When the data M Is copied to the external recording so 
medium 12 or transmitted via the communication net- 
work 2, the second secret-key Ks2 and the third secret- 
k^ Ks3 in the secondary user terminal 5 are disused by 
the copyright management program P. Therefore, when 
raising the data M, the secondary user requests for the ss 
utilization of the data to the copyright managenDent 
center 17 to again obtain the third secret-key Ks3. 

The fact that the secondary user receives a regrant 
of the third secret-k^ Ks3 represents secondary utiliza- 



tion of data In which the data M has been copied to the 
external recording medium 12 or transmitted to the ter- 
tiary user terminal 6 via the communication network 2. 
Therefore, the fact is entered in the copyright manage- 
ment center 1 7 and allows subsequent data use. 

The data M Is moved from the secondary user ter- 
minal 5 to the tertiary user terminal 6 by the extemal 
recording medium 12 or by the communication network 
2. When the data M Is copied to the external recording 
medium 12 or transmitted via the communication net- 
work 2, it is encrypted by the third secret-k^ KsS. 

When the data M is copied to the external recording 
medium 12 or transmitted to the tertiary us^ terminal 6 
via the communication network 2, the secorxi secret-key 
Ks2 and the third secret-key Ks3 in the secondary user 
terminal 5 are doused. In this case, the uncrypted sec- 
ondary user Information Iu2 is added to the encrypted 
data Cmks3 stored In the secondary user tenranal 5, and 
when the encrypted data Cmks3 is ti^ansmitted to a ter- 
tiary user, the secondary user infonmation Iu2 Is also 
transferred. 

In adding each user Information to data, there are 
two cases: a case in which every information is added to 
data whenever rt is copied or transmitted; and another in 
whk;h the history updated whenever the data Is copied 
or transmitted Is stored In the copyright management 
center. 

A tertiary user who desires tertiary utilization of the 
encrypted data Cmks3 copied or transmitted from the 
secondary user must designate original data name or 
nurTt>er to the copyright management center 1 7 from a 
tertiary user terminal 6 via tiie convnunication network 
2 and also presents the tertiary user infomration Iu3 to 
request for tertiary utilization of the data. In this time, tiie 
tertiary user further presents the uncrypted secorxiary 
user Information Iu2 added to the encrypted data Cmks3 
in order to clarify the relationship with the secondary 
user. 

The copyright management center 1 7 conf rrms that 
the secondary user has received a regrant of the third 
secret-key Ks3 for preparation of tertiary-utilizing the 
data, in accordance with the presented secondary user 
information Iu2 arxi then, transfers the third secret-key 
KsS serving as a decryption k^ and fourth seaet- 
keyK&4 serving as an encryptionAiecryption key to the 
tertiary user terminal 6 via the communication network 2. 

In the tertiary user terminal 6 receiving the third 
secret-key Ks3 and the fourth secret-key "Ks4r tiie 
encrypted data Cmks3 Is decrypted using the third 
secret-k^Ks3 by the copyright management program P 

M = D(Ks3. Cmks3) 

and istertiarily utilized such as being displayed or edited. 

In this system, the data M supplied to tie primary 
user is encrypted t>y the first secret-key Ksl and the data 
M supplied to the secondary user is encrypted by the 
second secret-key Ks2, and the data M supplied to the 
tertiary user Is encrypted by the third secret-key Ks3. 
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Therefore, if the tertiary user, instead of the primary 
user, falsely requests for primary utilization to the 
control center 1 6, the first secret-key Ks1 for decryption 
and the secorxi seaet-key Ks2 for erYcryption/decryption 
are transferred to the tertiary user. However, it is impos- 
sible to decrypt the encrypted data Cmks3 by the first 
secret-key Ksl transferred as a decryption key Moreo- 
ver, if the tertiary user. Instead of the secondary user, 
falsely requests for secondary utilization to the copyright 
management center 1 7, the second secret-k^ Ks2 and 
the third secret-key 1^ are transferred to the tertiary 
user as a decryption key and an encryptionAdecryption 
key respectively. Howevm-, it 'is impossible to decrypt the 
encrypted data Cml^ t>y the second secret-key Ks2 
transferred as a decryptkxi key. 

TTierefore. it is impossa)le to falsely request for data 
utilization. As a result not only the original copyright of 
the data but also the copyrights of the primary and sec- 
ondary users on the data are protected. 

TTie same procedure is applied to quaternary and 
siibsequent utilization. 

In the atxjve descrfl^ed system, the datat>ase 1 , key 
control center 1 6, and copyright management center 1 7 
are separately arranged. Howev^, it Is not always nec- 
essary to arrange them separately It also possible to 
set all of or proper two of them integrally. 

Moreover, it is also possble to request for a regrant 
of the secondary secret-key from the primary user not to 
the key control center 16 but to the copyright manage- 
ment center 17. 

In Figures 7(a) and 7(b), signal process flow in data 
edit method of digital vkieo or digital audio is shown. An 
edit flow generally processed is shown in 7(a) and an 
edit flow 7(b) which can avoid deterioratk>n of signals. 

In the edit flow shown in 7(a), signals siJ¥)plied as 
digital sigials 61 are converted to analog signals 62, the 
anak)g signals are then edited while being displayed 64, 
arKJ the analog signals completed editing are re-digitized 
65 to t>e stored, copied, arxl transferred 66. 

Though this process may be simple, it can not avoid 
deterioration of signals since signal is edited in analog 
and re-digitized after completion of editing. 

The edit fbw shown in 7(b), digital signals 61 are 
converted to analog signals 62 to t>e displayed. While the 
analog signals 62 are used in editing 63, the analog sig- 
nals are used only for displaying 64 rather than for stor- 
ing, copying, transferring. 

-r-^ Signals fbrstorage, copy, and transfer are edited 67, 
copied, and transferred 66 in the form of digital signals 
61 correspond to signals displayed in analog. 

In the case of this edit flow, there is no deterioration 
of signals since cfigital signals which are stored, copied, 
and transfenred are never converted to analog signals. 

Figures 8(a) and 8(b) illustrate flow examples when 
editing encrypted data to which signal process in data 
editing method of digital video or digital audio shown in 
Rgure is applied. 8(a) shows a simplified signal process- 
ing flow and 8(b) shows a signal processing flow which 
allows sufficient copyright management. 



In the signal processing flow shown in (a), the orig- 
inal data 71 CmOksl , encrypted using thef irst secret-key 
Ksl and supplied is initially decrypted 72 using the first 
secret key Ksl : 

5 

MO=D (Ksl, CmOksl), 

and the decrypted data MO is then edited 73 while being 
displayed 74. The data Ml conpleted editing is re- 
10 encrypted 75 using the second seaet key Ks2: 

Cm1ks2=E (1^, Ml) 

and stored, copied, and transferred 76. 

15 Though the process may t>e simple, copyright can 
not be property managed since there ts possitxlity that 
the decrypted data might be stored, copied, or trans- 
ferred due to the data editing process in decrypted form. 
On the other harxj, in the signal processing flow 

20 shown in 8(b), the original data 71 CmOksl, encrypted 
using the first secret key Ksl is decrypted 72 using the 
first secret-key 1^1: 

MO=D (Ksl. CmOksl) 

25 

the decrypted data MO is displayed 74. 

While, the encrypted data CmOksl is edited 73, lead 
by the decrypted data MO. and the original data MO for 
storage or the edited data Ml are re-encrypted usir^ the 
30 second seaet-key: 

Cm0ks2=E (Ks2. MO) 

Cm1ks2=E (Ks2. Ml) 

35 

the encrypted data Cm0ks2 or Cml ks2 is stored, copied, 
and transferred 76. 

Without t>eing decrypted corresponding to the 
decrypted and displayed data, it is edited 77 in the 

40 encrypted form, and the edition program and the data 
still encrypted are used for store, copy, transfer 76. 

In the case of this signal processing flow, the 
decrypted data are never stored, copied, or transferred 
since the data for storage, copy, transfer remains 

45 encrypted. 

In the data copyright management system which 
applies the data copyright management apparatus of the 
present inventionr while dataMs decrypted for utilization 
when the obtained encrypted data are displayed/edited. 

50 data copyright is managed t>y encrypting data when 
obtained or edited data is stored/copied/transferred. 

However, the data copyright management unit 15 of 
the prior invention shown in Rgure 2 and the data copy- 
right management unit 30 of the present invention 

55 described in Figure 3 can perform only one process of 
decryption of encrypted data or encryption of decrypted 
data. When decrypted or edited data is stored/cop- 
ied/transferred, therefore, it is necessary to store data in 
the user terminal or RAM of the data copyright manage- 
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ment apparatus to re-encrypt the stored data afterwards. 
Thus, there is a possibiltty that decrypted or edited data 
might t>e lost due to accident or misoperation as well as 
posing limitation in volume to the data that can be proc- 
essed. 5 

With the exception of some high-class MPU general 
MPU used in personal computers does not take into 
account the nfutt9)rocessor configuration which allows 
concurrent operation of plural miaocomputers. There- 
fore, plural operations can not be performed at the same io 
time, although accessory units are connected to the sys- 
tem bus of the personal computer. 

Accordingly, to connect the data copyright manage- 
ment unit 1 5 shown in Rgure 2 or the data copyright man- 
agement unit 30 shown in Rgure 3 to the system bus 22 is 
of the user terminal 20 ne^er provides multiprocessor 
function that enables concurrent operation of MPU 21 or 
46 and CPU 16, and the processes of decryption of 
encrypted data and re-encryption of decrypted data are 
performed alternately, not concurrently. Thus, a large 20 
amount of data can not be processed since the data to 
be encrypted and decrypted limited t)y the capacity of 
RAM. Further, it is inpossible to increase the processing 
speed, even if the amount of data is not larga 

On the other harKl. in the data copyright manage- ss 
ment system described as the prior application, 
encrypted data obtained is decrypted to use for cfisplay- 
ing or editing, and when the obtained or edited data Is 
stored, copied, or transferred, it is re-encrypted in order 
to prevent unauthorized utilization of the data. Therefore. 30 
it is desirable that the apparatus in the data copyright 
management system of the present invention performs 
not only decryption but also re-encryption of data at the 
same time. 

Recently, a PCI (Peripheral Component Intercon- 35 
nect) bus has attracted attention as means for inrple- 
menting a multiprocessor configuration of typical 
personal computer. 

The PCI bus is a bus for eocternal connection con- 
nected to a system bus of personal conputer via a PCI 40 
bridge, and allows to implement a multiprocessor config- 
uration. 

Rgure 9 shows embodiment 2 of this invention, 
which \s a configuration of data copyright management 
apparatus using a PCI bus and the same configuration 45 
of data copyright managennent unit 15 as shown in Fig- 
ure 3. that is. a computer configuration having a CPU 1 6. 
a local bus 17 for the CPU 16, and R0M«18; RAM 19r - 
and EEPROM 31 connected to the local bus 17. 

In a user terminal 20, a PCI bus 81 Is connected to so 
a system tx^ 22 for a microprocessor 21 viaaPCI bridge 
82 and the local bus 1 7 for the CPU 1 6 of a data copyright 
management apparatus 80 is connected to the PCI bus 
81 . Also connected to the system bus 22 of the user ter- 
minal 20 are a corrvnuiications device (COMM) 23 ss 
which receives data from external databases arxi trans- 
fers data to the external of tire terminal, a CD-ROM drive 
(CDRD) 24 which reads data supplied on CD-ROM a 
flexible disk drive (FDD) 25 which copies received or 



edited data to supply to the external of terminal, and hard 
disk drive (HDD) 26 used for storing data. COMM 23, 
CDRD 24, FDD 25, and HDD 26 may also be connected 
to the PCI bus 81. 

While ROM, RAM etc.. of course, are connected to 
the system bus 22 of the user terminal, these are not 
shown in Rgure 9. 

Configurations and operations of other parts are the 
same as emtxxiiment 1 shown in Figure 3, and further 
explanation of them will t>e omitted. 

A decryption task is performed by the MPU 21 ofthe 
user terminal 20 and an encryption task performed by 
the CPU 16 of the data copyright managemerrt appara- 
tus 80 at the same time, and vice versa Since the con- 
figuration of the MPU 21 and CPU 16 in this embodiment 
is a multiprosessor configuration which perfbmis parallel 
processing witii a PCI bus. high processing speed can 
beachie/ed. 

Ottier typical means for attaching external devices 
to a personal computer include SCSI (Small Computer 
System Interlace), whk:h is used for the connection of 
external storage medium such as hard disk drives and 
CD-ROM drives. 

Up to eight devices, including the personal computer 
itself to which SCSI is attached, can be connected to 
SCSI, and a plurality of corrputers may be included in 
the eight devicea Each of these computers can play an 
equivalent role, in other words, SCSI function as not only 
an interface but also a multiprocessor bu& 

Taking advantage of this function of SCSI, embodi- 
ment 3 connects a data copyright management appara- 
ti^ 85 to the system bus 22 of a user terminal 20 via 
SCSI 86 (hereinafter called the 'SCSI bus", for dear 
under^arKOng) instead of the PCI bus 81 in embodiment 
2. 

Rgure 1 0 shows a conf iguratton block cfiagram of a 
data copyright management apparatus of entxxJiment 3 
which uses and SCSI bus according to the present inven- 
tion. 

In embodiment 3, the configuration of the data cop- 
yright management apparatus 85 is the same as the data 
copyright management apparatus shown in Rgure 3, 
that is, the apparatus has a CPU 16, a local bus 17 for 
ttie CPU 16, and ROM 18, RAM 19, and EEPROM 31 
connected to the local bus 1 7. 

On the other hand, an SCSI bus 86. which is con- 
trolled by an SCSI controller (SCSICONT) 87, is con- 
- nected to a system bus 22 for a microprocessor 2 1 of a ~ ^ • '~ . 

user terminal 20. and the local bus 17 forttie CPU 16 of 
a data copyright management apparatus 85 Is con- 
nected to this SCSI bus 86. 

Also connected to the system bus 22 of the user ter- 
minal 20 are a conrununications de^ce (COMM) 23 
which receives data from external databases and trans- 
fers data to the extemal of the terminal, a CD-ROM drive 
(CDRD) 24 which reads data supplied on CD-ROM. a 
flexible disk drive (FDD) 25 which copies received or 
edited data to supply to the extemal of terminal, and hard 
disk drive (HDD) 26 used for storing data. COMM 23, 
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CDRD 24. FDD 25, and HDD 26 may also be connected 
to the SCSI bus 86. 

While ROM. RAM etc.. of course, are connected to 
the system bus 22 of the user terminal, these are not 
shown in Figure 10. s 

Configurations and operations of other parts are the 
same as embodimnt 1 shown in Rgure 3, arvl further 
explanation of them will be omitted. 

AdecryptiontaskispertornrYedbytheMPU21 ofthe 
user terminal 20 and a encryption task tB performed by io 
the CPU 16 of the data copyright management appara- 
tus 85 at the same time, arxl vice versa. Since the con- 
figuration of the MRU 21 and CPU 1 6 in this embodiment 
is a multiprosessor confi^ration which performs parallel 
processing with an SISI bus 86, high processing speed is 
can be achieved. 

Other means for implementing a multiprocessor 
configuration, such as SCI (Scalable Coherent Inter- 
face), may t>e used. and. if possit)le. the microprocessors 
may be connected with each other without using a bus. 20 

Data to be managed by the data copyright manage- 
ment apparatus of the present invention includes, in 
^Jdition to text data, graphic data, computer programs, 
digital audio data. JPEG-t>ased still picture data, and 
MPEG-t>ased nxjving picture 25 

The atxjvementioned nuttprocessor configuration 
of the data copyright management apparatus 80 of 
embodiment 2 and the data copyright management 
apparatus 85 of errtediment 3 is irrplemented by con- 
necting the apparatus to the system bus 22 of the micro- 30 
processor 21 in the user terminal 20 via a PCI t>us or a 
SCSI bus. In such multiprocessor configuration, the MPU 
21 of the user tenninal 20 must also control the overall 
system. For relatively slow and snrtall data such as text 
data arxi graphic data, data copyright management with 35 
er>cryption and re-encryptk>n can be performed by the 
multprocessor conf iguratfon using the MPU 21 and CPU 
1 6, for JPEGestill-pk;ture-based movirig picture data and 
MPEG1 or MPEQ2-t>ased moving picture data, hcwever. 
data copyright management by such confipiration is 40 
considerably difficult to perform because the data is fast 
and large. 

To deal with this problem, a multiprocessor system 
is configured by connection a first data copyright man- 
agement apparatus 80 and a second data copyright 45 
management apparatus 90 to a PCI bus 81 in embodi- 
ment 4 shown in Rgure 1 1 . 

The configuration ofthe second data copyrigfit man- 
agenmnt apparatus 90 is the same as that of the first 
data copyright management apparatus 80. that is. the so 
apparatus comprises a CPU 91. a local bus 94 for the 
CPU 91. and ROM 92. RAM 93. and EEPROM 95 con- 
nected to the local bus 94. 

In this embodiment, the first data copyright manage- 
ment apparatus 80 decrypts encrypted data and the sec- 55 
ond data copyright management apparatus 90 re- 
encrypts deoTpted data. 

Rxed information, such as software for utilizing data- 
bases and user data, are stored in the ROM 18 of the 



first data copyright management apparatus 80 decrypt- 
ing encrypted data. A first crypt-key and data copyright 
management system program supplied a key control 
center or copyright management center are stored in the 
RAM 19. 

Similarly, fixed information, such as software for uti- 
lizing databases and user data, are stored in the ROM 
92 of the secorxJ data copyright management apparatus 
90 re-erKrypting decrypted data, arxi a secorxJ crypt-key 
arxi data copyright management system program sup- 
plied by a key control center or copyright management 
center are stored in the RAM 93. 

In this multiprocessor configuration, SCSI or SCI 
may t>e used. and. if possit)le. the microprocessors may 
be connected with each other without using a bus. 

In the prior applfoation shown in Rgure 2 arxi in 
embodiment 1 of the present invention descrfoed with 
reference to Rgure 3. the communications device 
(COMM) 23 to which encrypted data is supplied arxi the 
CD-ROM drive (CDRD) 24 are connected to the system 
bus ofthe userterminal 20. In ordertodecrypt encrypted 
data, therefore, the encrypted data nrxjst be transmitted 
by way of the system bus of the user terminal 20 arxi the 
local bi^ of the data copyright management apparatus, 
arxi consequently, the processing speed can be slowed. 
This ts true for a configuration in which those attached 
devices are connected to a PCI bus or SCSI bus. 

In embodinient 5 shown in Figure 1 2. a communica- 
tions device 23 to which encrypted data is supplied and 
a CD-ROM drive 24 are connected to a focal bus 17 of 
a data copyright management apparatus 97 for decryp- 
tion, in order to prevent processing speed from being 
slowed. 

The data copyright management apparatus 97 of 
embodiment 5 shown in Rgure 12 is a data copyright 
man^ement apparatus for decryption and its configura- 
tion is essentially the same as that of the data copyright 
management apparatus 30 of embodiment 1 shown in 
Rgure 3. that is. the computer system has a CPU 16. a 
local bus 17for CPU 16. and ROM 18. RAM 19and EEP- 
ROM 31 connected to the local txjs 17. and a communi- 
cation device COMM 23 and a CD-ROM drive CDRD 24 
are connected to the local bus 17. 

Rxed information, such as a copyright management 
program, cryptography program based on crypt algo- 
rithm, arxi user data, are stored in the ROM 18. 

Copyright information ^ stored in the EEPROM 31 . 
If ttie copyright management program arxi cryptography 
program are supplied from the extemal such as data- 
bases, those programs are stored in the EEPROM 31, 
rattier ttian in ttie ROM 18. 

A crypt-key for decryption and a data copyright man- 
agement system program supplied from a key control 
center or copyright management center are stored in ttie 
RAM 19. 

Encrypted data supplied from the COMM 23 or 
CDRD 24 is decrypted the data copyright manage- 
ment apparatus 97 and transferred to a user terminal 95. 
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While the abcve-mentioned data copyright manage- 
ment apparatus 80 and 90 of embodiment 4 are 
desaibed as being configured separately, these appa- 
ratus, of course, can be configured as a unit. 

Figure 13 shows a data copyright management s 
apparatus of embocfiment 6 which is extended from the 
data copyright management apparatus 97 of embodi- 
ment 5. 

In the prior application shewn in Rgure 2 and the 
embodiment 1 deserved with reference to Figure 3, the io 
storage medium, such as HDD 26, for storing re- 
encrypted data are connected to the system bus 22 of 
the user terminal 20. In order to store re-encrypted data, 
therefore, the encrypted data must be transmitted by way 
of the system bus 22 of the user terminal 20 and the local is 
bus 17 of the data copyright management unit 15or data 
copyright management unit 30, and consequently, 
processing speed can be slewed. This is true for a con- 
figuration in which those attached deAces are connected 
to a PCI bus or SCSI bu& 20 

In the data copyright management apparatus 100 of 
the embodiment 6 shown in Rgure 13, in addition to the 
communications device COMM 23 and the CD-ROM 
drive CD RD 24 connected to the local bus 1 7 in the data 
copyright management apparatus 97 for decryption in 25 
the embodimerrt 5 shown in Figure 12, storage devices 
such as HDD 26 for storing re-encrypted data are o(»i- 
nected to the local bus 94 of the data copyright manage- 
ment apparatus 101 for re-encrypbon. 

The configuration of the data copyright management 30 
apparatus 101 for re-encryption in errtxxiiment 6 is 
essentially the same as that of the data copyright man- 
agement unit 30 shown in Rgure 3, that is. the computer 
system has a CPU 91, a local bus 94 for the CPU 91. 
and ROM 92. RAM 93 and EEPROM 95 connected to 35 
the local txjs 94, and HDD 26 is connected to the local 
bus 94. 

Fixed information, such as a copyright management 
program, cryptography program b&sed on crypt algo- 
rithm, and user data, are stored in the ROM 92. 40 

Copyright information is stored in the EEPROM 95. 
If the copyright management program and cryptography 
program are si^^plied from the external such as data- 
bases, those programs are stored in the EEPROM 95 
rather than the ROM 92. 45 

A crypt-key for re-encryption and a data copyright 
management system program supplied from a key con- 
trol center or copyright managemiBnt center are stored ^ 
in the RAM 93. 

Data re-encrypted t>y the copyright management so 
apparatus 101 for re-encryptkHi is stored in HDD 26. 

While the above-mentioned data copyright manage- 
ment apparatus 100 and 101 of embodiment 6 are 
desait>ed as being configured separately, these appa- 
ratus, of course, can be configured as a unit. ss 

Digital data includes, in addition to text data, graphic 
data, computer programs, digital sound data. JPEG- 
based still picture data, and MPEQ-t>ased moving pic- 
ture data. 



A typk^al user terminal which utilizes copyrighted 
data is computer apparatus such as personal oorrputers. 
Other apparatus which utilize such data are receivers 
such as television sets, set-top txxxes used with those 
receivers, digital recording apparatus such as video tape 
recorders, digital video cfisk recorders, and digital audio 
tapes (DAT) which store digital data, and personal digital 
assistants (PDA). 

The data copyright management apparatus shewn 
in Rgire 2 which is configured as an expansion board. 
IC card, or PC card and descrit>ed in the prior patent 
application No. 237673/1994 or the data copyright man- 
agement apparatus shown in Rgure 6 may be used by 
attaching it to a user terminal which is a computer, 
receiver, set-top box. digital recording medium, or PDA. 
IHowever. it is desirat)le that a data copyright manage- 
ment apparatus e factory-installed in the user terminal 
in order to eliminate labor and failure during the attach- 
ment of the apparatus. 

To accorinplish this, in each embocGment of the 
present invention, a data copyright management appa- 
ratus is implemented in the form of a monolithic IC. hybrid 
IC, or built-in subboard and is incorporated in a user ter- 
minal such as computer apparatus such as personal 
computers, recovers such as television sets, set-top 
boxes used with those receivers, digital recording 
medium such as digital video tape recorders, digital 
video disk recorders, and digital audio tape (DAT) which 
store digital signals, or personal digital assistants (PD^. 

Further, the apparatus for managing data copyright 
described above can be applied not only to the data uti- 
lization but also to the handling of the digital cash and 
video confererK^e systems. 

The digital cash system which h^ t>een proposed 
so far is based on a secret-key cryptosystem. The 
encrypted digital cash data is transferred from a bank 
account or a cash service of a credit company, arxi is 
stored in the IC card so that a temtinat device lor input/ 
output is used to make a payment. The digital cash sys- 
tem which uses this IC card as an electronic cash-txix 
can be used at any place such as shops or the like as 
long as the input/ output terminal is installed. However, 
the system cannot be used at places such as homes or 
the like where no iriput/output terminal is installed. 

Since the digital cash is an encrypted data, any 
device can be used as the electronic cash-box which 
stores digital cash data, in adcfition to the IC card, as long 
as the device can store encrypted data and transmit the " 
data to the party to which the payment is made. As a 
terminal which can be specifically used as the electrons 
cash-txM, there are personal computers, intelligent tele- 
vision sets, portable telephone sets such as personal 
information terminal, personal handyphone system 
(PHS). intelligent telephone sets, and PC cards or the 
like which has an input/ output function. 

Trades in v^ich such terminals are used as an elec- 
tronic cash-txxx for a digital cash can be actualized by 
replacing in the constitution of the data copyright man- 
agement system, the database with a customer's bank. 
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a first user terminal with a customer, the second user 
terminal with a retailer, the copyright control center with 
a retailer's bank and a third user terminal with a whole- 
saler or a niaker. 

An example of the tradng system will be explained s 
in which the digital cash Is transfOTed via a communica- 
tion network by using Rgure 14. 

The example uses the constitutbn of the data cop- 
yright management system shown in Rgure 1 . In Rgure 
1 4. reference numeral 1 1 1 represents a customer, 112 io 
al>ar^ofthecustomer111, USaretail shop. 114abank 
of the retail shop 113, 115 a maker, 116 a bank of the 
maker 1 15, 2 a communication network such as a public 
line provided by a oomnuink^ation enterprise or CATV 
line provided by a cable televiskm enterprise. Customer is 
111, the customer's bank 112, the retail shop 113, the 
retail shop's bank 114. the maker 1 15, the maker's bank 
1 16 can be mutually connected with the oomnrunication 
network 2. In this system, the customer 111 can use a 
credit corrpany offering cashing sennce other than 20 
t>anks and he can also interpose appropriate number of 
wholesalers t)etween the retail shop and the maker. 

In addftkHi, 117 and 1 18 are either IC cards or PC 
cards in which digital cash data is stored. The cards are 
used when the communk:ation network is not used. 2s 

IncxJentally, in Rgure 14. what is represented by a 
broken line is a path of encrypted digital cash data, what 
is represented by the scM line is a path of requests from 
the customer, the retail shop or the maker, and wfiat is 
represented t>y a on&dot chain line is a path of the 30 
secret-key from each bank. 

In this exarrple. first seaet-key prepared by the cus- 
tomer's bank 1 12. the second secret-key generated by 
the customer, the third secret-key generated by the retail 
shop^ and the fourth secret-key prepared by the maker 3s 
are used as crypt keys. 

Further, while the customer's bank 112, the retail 
shop's bark 114, and the maker's bank 116 are 
explained as separate entities, these can be conskJered 
as a f inancial system as a whole. 40 

Digital cash management program P for encrypting 
and decrypting the digital cash data is preliminarily dis- 
trbuted to the customer 111 and is stored in the user 
terminal. Further, it is possible to transfer the cfigital cash 
management program P together with data every time 4s 
trade with the bank is executed. Further, it is desirat)le to 
install the common digital cash management program P 
inallbanks: *^ . 

The customer 111 uses the user terminal to desig- 
nate the amount of vnmey via the communication net- so 
work 2 to request drawir>g out from the account of the 
customer's bank 1 12 to the bank. At this time, the termi- 
nal presents customer information Ic of the customer 
111. 

The customer's bank 112 which receives the cus- ss 
tamer's request of drawing out from the account selects 
or generates the first secret-k^ Ksl so that the cfigital 
cash data MO of the anfK>unt is encrypted t>y the first 
secret-key Ksl: 



CmOks1=E(Ks1,MO) 

and the encrypted digtal cash data CmOksl and the first 
secret-key Ksl for a decrypting key are transferred to tiie 
customer 111, and the customer information Ic and tiie 
first secret-key Ksl are stored. 

In this case, the first secret-key Ksl can be selected 
from what is preliminarily prepared by the customer's 
bank 112, and also may be generated by presentation of 
the customer irrfbrmation Ic at the time of drawing by the 
customer using the digital cash management program P 
on the basis of the customer information to: 

Ks1=P(lc). 

Through this means, the first secret-key Ksl can be 
private for the customer 111. At the same time, it is not 
necessary to transf^ the first secret-key Ksl to the cus- 
tomer 1 1 1 so that the safety of the system can t)e height- 
ened. 

Further, the first secret-key Ksl can be generated 
on the basis of the bank information lt>s of the customer's 
bank 1 12 or on the t>asis of the bank information lbs and 
the date of k^ generatioa 

The customer 111 to whtoh the encrypted digital 
cash data CmOksl and thefirst secret-key Ks1 are trans- 
ferred generates second secret-k^ 1^ according to 
any one or both of the customer information Ic and the 
first secret-key Ksl using the digital cash management 
program R for example: 

l^=P(lc) 

and the generated second secret-key Hs2 is stored in the 
user terminal. 

Further, the customer 1 1 1 uses the first secret-key 
Ksl to decrypt the encrypted digital cash data CmOksl 
with ttie digital cash management program P: 

MO=D(Ks1, CmOksl) 

and the content is confirmed. When the decrypted digital 
cash data MO whose content is confirmed is stored in 
the user terminal as a cash-bcoc. it is encrypted by the 
generated second secret-key Ks2 using the digital cash 
management program P: 

CmOKs2=E(Ks2. MO>>' '''' • - ' 

The first secret-key Ksl is disused at tfiis time. 

The customer 111 who wishes to buy an article from 
the retail shop 1 13 deaypts the encrypted digital cash 
data CmOks2 which is stored in the user terminal as a 
cash-box by ttie digital cash management program P 
using ttie second secret-key Ks2: 

M0=D(Ks2, CmOks2) 
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and the digital cash data Ml which corresponds to the 
necessary amount of money is encrypted by the second 
secret-key ks2 using the digital cash management pro- 
gram P: 

5 

Cm1ks2=E(Ks2. Ml) 

and then, the payment is made ty transmitting the 
encrypted digital cash data Cml ks2 to the user terminal 
as a cash-kxxc of retail shop 1 1 3 via the communication io 
network 2. 

Atthistime.thecustomer information Ic is also trans- 
mitted to the user terminal of the retail shop 113. 

Further, the residual amount digital cash data M2 is 
encrypted by the second secret-key Ks2 using the digital is 
cash management program P: 

Cm2ks2=E(Ks2. M2) 

arKi stored in the user terminal of the customer 111. 20 

The retail shop 113 to which the encrypted digital 
cash data Cml ks2 and the customer information Ic are 
transferred stores the transferred encrypted digital cash 
data Cm1ks2 and customer infomiation Ic in the user ter- 
minal, and presents the customer information Ic to the 25 
retail shop's bank 1 1 4 via the communication network 2 
for confirming the content to request the transmission of 
the second secret-key Ks2 lor decription. 

The r^il shop's bank 114 which is requested by the 
retail shop 113 to transmit the second secret-key Ks2 30 
transmits the request of the transmission of the second 
secret-key Ks2 and the customer information Ic to tiie 
customer's bank 112. 

The customer's bank 112 which is requested to 
transmit the second seaet-key Ks2 from the retail shop's 35 
bank 1 14 generates the second secret-key Ks2 accord- 
ing to the customer information k; by the digital cash 
management program P in the case where the second 
secret-key Ks2 ts t>ased only on the customer informa- 
tion te, or generates the second seaet-key Ks2 accord- 40 
ing to the customer information Ic and the first secret-key 
Ksl by the digital cash management program P in the 
case where the second secret-key Ks2 is t>ased on the 
customer information Ic arxJ the first seaet-k^ Ksl , and 
transmits the generated second secret-key Ks2 to the 4s 
retail shop's bank 114. 

The retail shop's bank 114 to which the second 
secret^key Ks2 is transmitted from the customer's t>ank 
112 transmits the second secret-k^ Ks2 to the retail 
shop 1 1 3 via the communication network 2. so 

The r^l shop 1 1 3 to whk;h the second secret-key 
Ks2 is transferred decrypts the encrypted digital cash 
data Cm1ks2 by the second seaet-k^ Ks2 using the 
digital cash management program P: 

55 

M1=D(Ks2. Cm1ks2) 

arKi after conf imning the amount of money, fonwards the 
article to the customer 111. 



Incidentally, In this case, the retail shop 1 1 1 can 
directly requests the transfer of the second secret-key 
Ks2 to the customer's bank 112 instead of the retail 
shop's bank 11 4. 

In case where the digital cash received t>y the retail 
shop 1 13 is deposited in the account of the retail shop's 
bank 1 14, the customer information Ic is transferred to 
the retail shop's bank 114 together with the encrypted 
digital cash data Cml ks2 via the comrrainication network 
2. 

The retail shop's t>ank 114 to which the encrypted 
digital cash data Cml ks2 and the customer information 
are transferred requests tiie transfer of the second 
secret-key Ks2 to the customer's bank 1 12 by transmit- 
ting the customer information \c. 

The customer's t>ank 112, which is requested to 
transfer the second secret-k^ Ks2 from the retail shop's 
t>ank 114, generates the secorxi secret-k^ 1^ accord- 
ing to the customer's information Ic by the digital cash 
management program P when the second secret-k^ 
1^ is only based on the aimer's information Ic, or 
generates the second secret-k^ Ks2 according to the 
customer's information te and the first secret-key Ksl by 
the digital cash management program P when the sec- 
ond secret-key Ks2 is t>a&ed on the customer's informa- 
tion Ic and the first seCTet-key Ksl, then the generated 
second secret-key Ks2 is transferred to the retail shop's 
bank 114. 

The retail shop's bank 114, to which the secorxi 
secret-key Ks2 is transferred from the customer's bank 
1 12, decrypts the encrypted digital cash data Cm1ks2 
by the second secret-key Ks2 using the digital cash man- 
agement program P: 

M1=D(Ks2, Cm1ks2) 

and the decrypted digital cash data Ml is deposited in 
tiie bank account of the retail shop's bank 1 1 4. 

In the general trade system, the retail shop 113 
stocks products from the maker 115 or from the whole- 
saler which intervenes between the retail shop 113 and 
the maker 115. Then the retail shop 113 sells the prod- 
ucts to the customer 111. Consequently, a trading form 
is present between the customer 111 and the retail shop 
1 13 just as t>etween the retail shop 113 arxi the maker 
115. 

The handling of tiie digital cash between the retail 
shop 1 13 and the maker 1 15 is not basically different 
from the handling of the digital cash which is carried out 
between the customer 111 and the retail shop 113. 
Therefore, the explanation there will be omitted for the 
sake of clarity. 

In thisdigital cash system, the digital cash is handled 
through bante. As information such as the processed 
anrx)unt of the digital cash, date, and tiie secret-key 
demanding party information witii respect to the handling 
of the digital cash is stored in tiie customer's bank, the 
resklual anxnjnt of digital cash and usage history can be 
grasped. 
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Even in the case where the user ternninal which is 
an electronic cash-box storing the digital cash data can- 
not t>e used owing to the loss or the breakage, it is pos- 
sit))e to reissue the digital cash on the basis of the 
residual amount, and usage history kept in the cus- 
tomer's bank. 

It is deslrat)le to add a digital signature to the digital 
cash data for heighten the safety of the digital cash. 

In th^ example, digital cash is added by the cus- 
tomer's information which may be acconrpanied by dig- 
ital signature. Therefore, the digital cash in the example 
can also have a function of settlement system for 
checques drawn by customers. 

Also this system can be applicable to various sys- 
tems in the international trading such as payment settle- 
ment of import/export by a negotiatfon by a draft using a 
letter of crecfit and a bill of lading which have been exe- 
cuted by documents. 

In the video conference system, a telev^ion picture 
has been added to the conventional voice telephone set 
Recently the video conference system is advanced in 
which a computer system is incorporated in the video 
conference system so that the quality of the voice and 
the picture are improved, and data can t>e handled at the 
same time as well as the voice and the picture 

Under these circumstances, security against the vio- 
latfon of the user's privacy and the data leakage due to 
eavesdropping by persons other than the partfo^>ants of 
the conference are protected by the cryptosystem using 
aseaet-k^. 

However, since the conference content obtained by 
the participants themselves are decrypted, in the case 
where participants themselves store the content of the 
conference arvJ sometimes edit the content and further, 
use for secondary usage such as distrlxjtion to the per- 
sons other than the partidpants of the conference, the 
privacy of other participants of the video conference arxi 
data security remains unprotected. 

In particular, the oonrpression technology of the 
transmission data is advanced while the volume of the 
data storage mecfium is advanced with the result that the 
possibility is getting nfx>re and more realistic that all the 
content of the video conference is copied to the data stor- 
age medium or is transmitted via a network. 

In view of the drcumstarices, the example is 
intended, when video conference partidpants perform 
secondary use. to secure the privacy of other partid- 
pants and data security by using the aforementioned 
constitution of the data copyright management system. 

Ths video conference data management system 
can be actualized, for example, by repladng the data- 
base in the data copyright management system consti- 
tution shown in Rgure 1 with a partidpant of the video 
conference, the first user terminal with another partid- 
pant of the video conference, and the second user ter- 
minal with non-partidpant of the video confererx;a 

An example when utilizing will t>e explained by using 
Rgure 15. 
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Refenring to Figure 15. reference numeral 121 rep- 
resents a partfotpant as a host of the video conference, 
122 a partidpant of the video conference as a guest. 123 
a non-partidpant of the video conference as a user. 1 24 

5 a non-partidpant of the video conference as another 
user. 2 a conminication network such as a public tele- 
phone line provided by the communication enterprise 
and a CA t^evision line provided by the cabie television 
enterprise or the like. The partidpant 121 of the video 

10 conference is connected to the partidpant 122 of the 
video conference via the communication network 2. Fur- 
ther, the partidpant 1 22 of the video conference can be 
connected to the non-partidpant 123 of the video con- 
ference, and the non-partidpant 123 of the video confer- 

15 ence to the non-partidpant 124 of the video conference, 
via the communfoation network 2. Reference numeral 
125 arxi 126 represent a data recording medium. 

Refenring to Rgure 15. what is represented by the 
broken line is a path of tfie encrypted video confer^ice 

20 content, representedbythesdid line is a path requesting 
the crypt key from the non-partidpants of the video con- 
ference 123 and 124 to the partidpant of the television 
conference 121. and represented by the one-dot chain 
line is a path of crypt keys from the partidpant of the 

25 video conference 1 21 to the partidpant of the video con- 
ference 122 and the non-partidpants of the video con- 
ference 123 and 124. 

In ths example, a video conference data manage- 
ment system is described here only the protection for 

30 data security and privacy in case of the video conference 
participant 121 to simplify the explanation, however, it is 
of course, possible to protect for data security and pri- 
vacy of the video conference partfoipant 122. 

A video conference data management program P for 

35 encryption/decryption of the video conference data of 
the partidpant 121 induding audio and picture is previ- 
ously distritxJted to the video conference partidpant 1 22 
and the video conference non-partic^}ants 123 and 124. 
and is stored in each terminal. This video conference 

40 data managemerrt pro-am P m^ be transferred when- 
ever a crypt-key is transferred. 

In this example, further, a first secret-key prepared 
by the video conference participant 121. a second 
secret-key prepared by the video conference participant 

45 1 22. a third secr^-k^ prepared by the video conference 
non-participant 123 and sut>sequent secret-keys pre- 
pared similarly are used as a crypt key 

"The video conference partic^)ant 121 and the video 
conference partk^ipant 1 22 perform the video conference 

so by transmitting audio, pk:ture and data (referred to as 
video conference data on the whole) each other, using 
each terminal via communication network 2. Before the 
video conference, the vkieo conference participant 121 
generates or selects the first secret-key Ksl to transfer 

55 to the video conference participant 1 22 prior to the start 
of the video conference. 

The video conference partidpant 122 receiving the 
first secret-key Ksl generates the second secret-key 



18 



35 



EP0715241 A2 



36 



Ks2 by the first secret-k^ Ks1 using the video confer- 
ence data management program P: 

Ks2=P(Ks1). 

The generated second secret-key Ks2 is stored in 
the terminal. 

The video conference particq^ant 121 encrypts the 
video conference data MO with the first seaet-key Ks1 . 
in the video conference through the communication net- 
work2: 

CmOks1=E(Ks1,MO) 

and transfers the encrypted video conference data 
CmOksl to the video conferer)ce participant 122. 

The video conference participant 1 22 wfK) receives 
thevideoconferencedata CmOksl encrypted tiythefirst 
secret-key Ksl decrypts the video conference data 
CmOksl by the first secret-key 1^1 : 



and supplies the generated second secret-key Ks2 to the 
non-participant of the video conference 123. 

The non-participant of video conference 123 wtK> 
receives the second seaet-key Ks2 decrypts the 
encrypted data Cmks2 by the second secret-key Ks2 by 
using the television conference data management pro- 
-am P: 

M=D(Ks2. Cmks2) 

and then, uses decrypted video conference data M. 

In the case where the video corrference data M is 
stored in the terminal of the non-participant of the video 
conference 123, copied to the record medium 126, or 
transmitted to tiie non-participant of the video confer- 
ence 124, the video conference data M is encrypted k>y 
the secoTKl secret-key KsZ using the video conference 
data management program P: 

Cmks2=E(Ks2, M). 
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M0=D(ks1, CmOksl) 

and uses decrypted video conference data MO. 

Further, the second secret-key Ks2 is generated 25 
based on the first secret-key Ksl with the video confer- 
ence data management program P: 

Ks2=P(Ks1). 

30 

In the case where the decrypted video conference 
data MO is stored in the terminal of the participant 122 
of the video conference, copied to the data record 
medium 125, or transferred to the rKsn-participant of the 
video oonfererK;e via the communication network 2. the 35 
data M is encrypted by the second seaet-key Ks2 using 
the video conference data management program P: 

Cmks2=E(}^, M). 

40 

The encrypted data Cmks2 is copied to the record 
medium 125 or supplied to the non-participant of the 
video conference via the comnumication network 2, 
together with the video conference data name or ttie 
video conference data number. 4s 

The non-partidpant of the video conference 123 
who obtains the encrypted data CmKs2 requests to the 
participant 121 for the secondary use of the video con- 
ference data M from the terminal by specifying the name 
or numt>er of tiie video conference data. so 

The participant 121 of the vk5eo corrference who 
receives the request for tiie second use of the data M 
finds out tiie first seaet-key Ksl according to the nanne 
or the number of the vkieo conference data name or 
number to generate the second seaet-key Ks2 based ss 
on the first secret-key Ksl : 

K82=P(Ks1) 



Incidentally, ttie third seaet-key Ks3 may be gener- 
ated on the t)asis of the secorKi seaet-key Ks2 with the 
video conference data management program P: 

Ks3=P(Ks2), 

and the data M can be encrypted with the video confer- 
ence data ntanagement program P by this generated 
tiiird seaet-key Ks3: 

Cmks3=E(Ks3, M). 

Claims 

1 . A data copyright management apparatus used witti 
a user terminal tor utilizing digital data, 

said digital copyright management apparatus 
conrprising a central processing unit, a central 
processing unit bus, read-only semiconducta mem- 
ay, electrically erasat)le progranvnable memory, 
and read^vrite memory; 

wherein, 

saki central processing unit said read-only 
semiconductor memory, said electrically erasat)le 
programmak)le menrK)ry, and read/write memory are 
connected to said central processing unit bus, and 
a system bus of said user temninaFis able to be con^" ~ 
nected to said central processing unit bus; 

a data copyright management system pro- 
gram, a copyright management program, and user 
information are stored in said read-only semicon- 
ductor memay; 

a second private-key, a permit key, a second 
seaet-key, a copyright management program, and 
copyright information are stored in saki electrically 
erasat>le programmable memory; and 

a first puk)lic-key, a first private-key, a second 
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public-key, and a first crypt-key are transmitted to 
said read^vrite memory during operation. 

2. A data copyright management apparatus used with 

a user terminal for utilizing digital data, s 

said data copyright management apparatus 
corrprising a central processing unit, a central 
processing unit bus, readK)nly seodconductor menv 
ory, electrically erasable programmat3le memory, 
and read/write memory; io 
wherein, 

said central processing unit, said read-only 
semiconductor memory, said electrically erasat)le 
programmat)le memory, and said readyWrite tnetn- 
ory are connected to said central processing unit is 
bus, and a system bus of said user terminal is able 
to be connected to said central processing unit bus; 

a data copyright management system pro- 
gram, a copyright managmnent program, crypt algo- 
rithm, and user information are stored in said read- 20 
only semicorxiuctor menwry; 

a second private-k^, a permit k^, a second 
seaet-key, and copyright information are stored in 
said electrically erasatHe programmat)le menfK>ry; 
and 25 

a first public-key, a first private-k^, a second 
put)lic-key, and a first crypt-key are transmitted to 
said read/write menxny during operation. 

3. The data copyright management apparatus accord- 30 
ing to Claim 1 or 2, which is configured in the form 
ofair IC. 

4. The data copyright management apparatus accord- 
ing to Claim 1 or 2, which is configured in the form 35 
of an IC card. 

5. The data copyright management apparatus accord- 
ing to Claim 1 or 2, which is configured in the form 

of a PC card. 40 

6. The data copyright management apparatus accord- 
ing to Claim 1 or 2, which is configured in the form 
of an insertion board. 



8. A data copyright management apparatus used in a 
user terminal for decrypting encrypted data to dis- 
play or edit said data and for re-encrypting decrypted 
data to store, copy, or transfer said data; 

said data copyright management apparatus 
comprising a first microprocessor and a secorxj 
nucroprocessor; 

wherein, a first computer corrprising a first 
local txjs connected to said first microprocessor, arxl 
first read-only semiconductor memory arid first 
readAwrite memory connected to said first local bus; 
and, 

a second computer comprising a second 
local bus connected to said secorxl microprocessor, 
and second read-only semiconductor memory and 
second read/write memory connected said second 
local bus are configured; 

whereby, sakJ first microprocessor decrypts 
encrypted data, and 

said second microprocessor re-encrypts 
decrypted data. 



7. A data copyright management apparatus used in a 
user terminal for decrypting encrypted data to dis- 
play or edit said data and for re-er)crypti ng deaypted 
data to store, copy, or transfer said data; 

wherein, a computer comprising a microproc- so 
essor, a focal bus connected to said microprocessor, 
read-only semiconductor memory and readNvrite 
memory connected to said local bus is configured; 

whereby, one of the microprocessor of saki 
user terminal and the microprocessor of said data ss 
copyright management apparatus performs decryp- 
tion and the other performs re-encryption. 
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Defective images within this document are accurate representations of the original 
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□ GRAY SCALE DOCUMENTS 



□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 
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